Solved

Attempting Strange VPN Setup

Posted on 2006-11-04
Last Modified: 2010-03-18
I want to attempt a strange VPN setup (strange to me).  I'd like to ask the routing experts here if this setup will work.  I've linked a network map of what I want to try.

http://www.bradfox.info/images/DoesThisWork.pdf

Router A is my home Internet Gateway.  The real LAN IP is 192.168.0.1 (wrong on the map)
Router B will be a VPN endpoint to work and will use Router A as its Internet Gateway.

I want to know if using the static route shown on Router A and the mis-matching subnets on router B will allow traffic to 192.168.1.x network to route correctly.  I know I'm probably breaking all kinds of RFC rules but I don't care, it's my home network.

I do not want to route all internet traffic through Router B because it's a POS and crashes games but will sustain an RDP connection just fine to work.
Question by:mcsween
7 Comments
 

Author Comment

by:mcsween
ID: 17874999
I forgot to mention, Router A is the main gateway for all PCs on my home network.

Author Comment

by:mcsween
ID: 17875026
I just realized that Router B probably needs some kind of static route to get traffic from the 192.168.1.x network back to 192.168.0.10.  I'm not sure how that would work tho...

Expert Comment

by:saw830
ID: 17878296
Hi,

Hummm.... there are several much better ways of doing this, but since Router B is "a POS and crashes games", I take it that you can't or won't replace it.  (You didn't ask this part, but if that were mine I'd try to work out what was breaking and get it fixed.  Probably just needs a firmware upgrade.)

I doubt that router B will let you set it up that way.  It has its WAN and LAN ports in the same network.  Usually they are smarter than that and will not let you save the configuration.  That's rather like me asking you to pass a message to Mary when I'm as close to her as you are.

You didn't say what your PC operating system is, so I'll assume some recent version of Windows, perhaps 2000 or XP.  If so, it can have two addresses at the same time.  Here's what I'd do:

Set the LAN port of Router B to 10.1.1.1/255.255.255.0, but leave the rest of the network as your drawing shows.  Assign 10.1.1.2/255.255.255.0 to your PC as a second address.  On your PC open a command prompt and type the command: ROUTE ADD 192.168.1.0 MASK 255.255.255.0 10.1.1.1 -P

I've never done this exactly, but I believe that it will work.  Also, it's unorthodox, but given your constraints, should be doable.

Hope this helps,
Alan

Author Comment

by:mcsween
ID: 17914262
Well, I'm using a 255.255.255.240 subnet on the WAN and LAN side of the router with IPs in different ranges.  This should allow me to assign 192.168.1.240 to the WAN and 192.168.1.5 to the LAN side, shouldn't it?

I previously had the dual NIC scenario set up with static routes but that was causing some issues with other applications I run.

Accepted Solution

by:
saw830 earned 500 total points
ID: 17926402
Hi,

You are correct, a 255.255.255.240 mask will certainly break the larger net into smaller networks.  Your IP addresses are okay except that your 240 address is on a boundary and needs to move up one to 192.168.1.241.  The actual ranges for those addresses, using the 255.255.240 mask are:
192.168.1.5 is in the 192.168.1.0 network with 192.168.1.1 - 192.168.1.14 useable addresses.
192.168.1.241 is in the 192.168.1.240 network with 192.168.1.241 - 254 useable addresses.

Alan
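
The subnet arithmetic from the answer above, as an added example that is not part of the original thread. The function names `describe` and `check_router` are made up for illustration, and the 255.255.255.0 case is an assumed stand-in for the "WAN and LAN in the same network" layout discussed earlier:

```python
import ipaddress

def describe(addr, mask):
    """Place one address in its subnet and say what role it has there."""
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    net = iface.network
    hosts = list(net.hosts())          # usable addresses, boundaries excluded
    if iface.ip == net.network_address:
        role = "network"
    elif iface.ip == net.broadcast_address:
        role = "broadcast"
    else:
        role = "host"
    return {"subnet": str(net), "first": str(hosts[0]),
            "last": str(hosts[-1]), "role": role}

def check_router(wan, lan, mask):
    """List the addressing problems for a router with these WAN/LAN addresses."""
    problems = []
    w, l = describe(wan, mask), describe(lan, mask)
    for name, addr, d in (("WAN", wan, w), ("LAN", lan, l)):
        if d["role"] != "host":
            problems.append(
                f"{name} {addr} is the {d['role']} address of {d['subnet']}")
    if w["subnet"] == l["subnet"]:
        problems.append(f"WAN and LAN are both in {w['subnet']}")
    return problems

if __name__ == "__main__":
    mask28 = "255.255.255.240"
    for addr in ("192.168.1.5", "192.168.1.240", "192.168.1.241"):
        print(addr, describe(addr, mask28))
    # Addresses as first typed in the thread: .240 sits on a subnet boundary.
    print(check_router("192.168.1.240", "192.168.1.5", mask28))
    # Corrected WAN address: two distinct /28 subnets, no problems reported.
    print(check_router("192.168.1.241", "192.168.1.5", mask28))
    # Assumed /24 mask: both ports land in the same network.
    print(check_router("192.168.1.240", "192.168.1.5", "255.255.255.0"))
```
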

Author Comment

by:mcsween
ID: 17948876
yea, 241, that's what I had in my drawing, just typoed it here.

I still need a static route to get traffic back to 192.168.0.10 from the 192.168.1.0 network.  Any idea how this route would look?

Expert Comment

by:saw830
ID: 17975605
Hi,

Okay, I've slept a couple times since I last looked at this, so I may be off a little, but I'll give it a shot....

The Work Gateway device needs to have a route added for 192.168.0.0 255.255.255.0 pointing to Router B.  If Work Gateway were a PC, which I expect that it isn't, then the command would be ROUTE ADD 192.168.0.0 MASK 255.255.255.0 10.1.1.1, I *think*, but it will probably depend on what type of VPN you are doing.  Due to the configuration, Router B is in the middle of everything and knows how to get to all three networks.

Hope this helps, but it's early Monday morning here and I'm still a bit fuzzy....

Alan